PRIVACY POLICY

jagaSTAFF.com

This Privacy Policy explains how jagaSTAFF (“jagaSTAFF”, “we”, “us”, “our”) collects, uses, discloses, stores, and protects personal data when you visit our website, create an account, or use our HR platform and related services (collectively, the “Service”).

This Policy is intended to align with Malaysia’s Personal Data Protection Act 2010 (Act 709) (“PDPA”) and related guidance.

1. Who We Are (Data Protection Contact)

Service Name: jagaSTAFF (jagaSTAFF.com)
Email: support@jagastaff.com

2. Scope

This Policy applies to:

  • Website visitors (marketing pages, forms, cookies), and
  • Users of the Service (account owners/admins, employees whose data is uploaded, and other authorized users).

If you are an employee whose data is managed by your employer using jagaSTAFF, your employer is usually responsible for determining what data is collected and why (see Section 4).

3. Key Definitions

“Personal Data”: Any information that can identify an individual directly or indirectly (e.g., name, NRIC/passport, email, phone, bank info).

“Processing”: Collecting, recording, holding, using, disclosing, storing, transferring, or deleting data.

4. Roles: Customer vs. jagaSTAFF (Controller/Processor)

Depending on context:

For HR platform data (employee HR/payroll/attendance data):

  • The Customer (your employer/company) is typically the data controller/data user (decides purpose and means).
  • jagaSTAFF acts as a service provider/data processor (processes data to deliver the Service).

For website visitors and our own business operations (sales, billing, support):

  • jagaSTAFF is typically the data controller/data user.

5. What Personal Data We Collect

We may collect the following categories of Personal Data:

A. Account & Organization Information (Admins/Users)
  • Name, work email, phone number
  • Company name, address, industry, organization settings
  • User roles/permissions and login credentials (encrypted/hashed where applicable)
B. HR & Employee Data (Uploaded/Entered by Customer)
  • Employee profile details (name, NRIC/passport, DOB, gender, address)
  • Employment details (job title, department, employment status, start/end date)
  • Attendance/leave records, shifts, timesheets
  • Payroll details (salary, allowances, deductions, bank account for salary, statutory numbers where applicable)
  • Claims and supporting documents (e.g., receipts)
  • Emergency contact details (if provided by Customer)
  • Documents uploaded by Customer (offer letters, contracts, certificates, etc.)
C. Billing & Transaction Data
  • Billing contact details, invoice details
  • Payment status and transaction references (payment card details are typically handled by our payment gateway, not stored by us)
D. Support & Communications
  • Support tickets, chat/email correspondence, call logs (if any)
  • Feedback, survey responses
E. Technical & Usage Data
  • IP address, device type, browser, operating system
  • Log data, audit trails (e.g., who changed payroll, approvals)
  • Cookies/analytics identifiers (see Section 12)

6. How We Use Personal Data (Purposes)

We use Personal Data to:

  • Provide, operate, and maintain the Service (HR functions, payroll calculations, reporting)
  • Create and manage accounts, roles, access control, and audit logs
  • Process subscriptions, billing, invoices, and payment verification
  • Provide customer support and troubleshooting
  • Improve performance, reliability, and user experience (product analytics)
  • Secure the Service (fraud detection, abuse prevention, system monitoring)
  • Comply with legal obligations and respond to lawful requests
  • Send service notices (e.g., maintenance updates, security alerts)
  • Send marketing or product updates to admins/business contacts (you may opt out where applicable)

7. Disclosure: Who We Share Data With

We may disclose Personal Data to:

  • Service providers (hosting/cloud infrastructure, email/SMS providers, analytics, customer support tools, payment gateways) strictly to operate the Service
  • Professional advisers (auditors, lawyers, accountants) where necessary
  • Authorities if required by law or lawful request
  • Business transfer parties (merger/acquisition) with appropriate safeguards

We do not sell your Personal Data.

8. Cross-Border Data Transfers

Your data may be stored or processed in locations outside Malaysia (e.g., cloud servers or support tools). Where cross-border transfers occur, we will take reasonable steps to comply with PDPA cross-border transfer requirements, including using appropriate safeguards and assessments as required.

9. Security Measures

We apply reasonable administrative, technical, and organizational security measures, which may include:

  • Access controls and role-based permissions
  • Encryption in transit (where supported) and secure credential storage
  • Activity logs/audit trails
  • Regular security updates and monitoring

However, no method of transmission or storage is 100% secure. You are responsible for safeguarding your login credentials and configuring access permissions appropriately.

10. Data Retention

We retain Personal Data only as long as necessary for the purposes stated in this Policy, including:

  • Maintaining your account and providing the Service
  • Meeting legal, accounting, and compliance requirements
  • Resolving disputes and enforcing agreements

Upon account termination or expiry, we may retain data for a limited period for backup, legal, or operational reasons, after which it will be deleted or anonymized where feasible—subject to Customer instructions and legal requirements.

11. Your Rights (Access, Correction, Withdrawal)

Subject to applicable law and verification:

  • You may request access to Personal Data we hold about you
  • You may request correction of inaccurate or incomplete data
  • You may withdraw consent where processing is based on consent (this may affect Service availability for certain features)
  • You may request deletion/export where applicable and feasible

If you are an employee and your employer uses jagaSTAFF, some requests may need to be directed to your employer (the data controller). We will support the employer where appropriate.

12. Cookies & Analytics

We use cookies and similar technologies to:

  • Keep you logged in and maintain sessions
  • Remember preferences
  • Analyze traffic and improve the Service

You can control cookies through your browser settings. Some cookies are essential; disabling them may affect functionality.

13. Third-Party Links & Integrations

The Service may contain links to third-party sites or integrate with third-party tools (e.g., WhatsApp links, email services). Their privacy practices are governed by their own policies. We recommend reviewing them.

14. Children’s Privacy

The Service is intended for business/HR use and is not designed to be used by children. We do not knowingly collect Personal Data from children through the Service.

15. Changes to This Privacy Policy

We may update this Policy from time to time. The latest version will be posted on our website with an updated “Effective Date.” Material changes may be notified via email or in-app notice where practical.

16. Contact, Complaints & Disputes

If you have questions or requests regarding this Policy or your Personal Data, contact:
Email: support@jagastaff.com

If you are not satisfied with our response, you may also contact Malaysia’s Department of Personal Data Protection (PDP).